System, method, and computer-readable medium for authentication center-initiated authentication procedures for a mobile station attached with an IP-femtocell system

ABSTRACT

A system, method, and computer readable medium that facilitate authentication center-initiated authentication procedures for a mobile station attached with a femtocell system are provided. A femtocell system may generate a registration identification of a mobile station from one or more mobile station authentication parameters. A convergence server located in a core network receives an authentication procedure request from an authentication center for the mobile station attached with the femtocell system and generates an authentication procedure request message that includes the registration identification assigned to the mobile station. The convergence server then transmits the authentication procedure request message to the femtocell system and receives a response to the authentication procedure request message from the femtocell system. The authentication procedure request may comprise a unique challenge, a shared secret data update procedure, or a call history count update procedure.

CROSS REFERENCE TO RELATED APPLICATIONS

This application is a continuation of U.S. Ser. No. 12/605,519 filed Oct. 26, 2009, entitled “SYSTEM, METHOD, AND COMPUTER-READABLE MEDIUM FOR AUTHENTICATION CENTER-INITIATED AUTHENTICATION PROCEDURES FOR A MOBILE STATION ATTACHED WITH AN IP-FEMTOCELL SYSTEM”, which is a continuation-in-part of U.S. Ser. No. 12/252,231 filed Oct. 15, 2008, entitled, “SYSTEM, METHOD, AND COMPUTER-READABLE MEDIUM FOR PROCESSING CALL ORIGINATIONS BY A FEMTOCELL SYSTEM”, now issued U.S. Pat. No. 8,194,590 issued on Jun. 5, 2012, which is a continuation-in-part of U.S. Ser. No. 12/252,246, filed on Oct. 15, 2008, entitled, “SYSTEM, METHOD, AND COMPUTER-READABLE MEDIUM FOR USER EQUIPMENT REGISTRATION AND AUTHENTICATION PROCESSING BY A FEMTOCELL SYSTEM”, now issued U.S. Pat. No. 8,351,901, issued on Jan. 8, 2013, which is a continuation-in-part of U.S. Ser. No. 12/252,238 filed on Oct. 15, 2008, entitled “SYSTEM, METHOD, AND COMPUTER-READABLE MEDIUM FOR SHORT MESSAGE SERVICE PROCESSING BY A FEMTOCELL SYSTEM”, each of which claims priority to U.S. provisional patent application Ser. No. 61/003,151 filed Nov. 15, 2007, entitled, “SIP-IOS adapter function”, the disclosures of each of which are incorporated herein by reference. Incorporated by reference is U.S. Ser. No. 12/252,237 filed Oct. 15, 2008, entitled, “SYSTEM, METHOD, AND COMPUTER-READABLE MEDIUM FOR CALL TERMINATION PROCESSING BY A FEMTOCELL SYSTEM” and U.S. Ser. No. 12/252,242 filed Oct. 15, 2008, entitled, “SYSTEM, METHOD, AND COMPUTER-READABLE MEDIUM FOR SHORT MESSAGE SERVICE TERMINATION PROCESSING BY A FEMTOCELL SYSTEM”, now issued U.S. Pat. No. 8,351,963 issued on Jan. 8, 2013, and U.S. Ser. No. 12/252,199 filed Oct. 15, 2008, entitled, “SYSTEM, METHOD, AND COMPUTER-READABLE MEDIUM FOR IP-FEMTOCELL PROVISIONED RADIO ACCESS NETWORK”, now issued U.S. Pat. No. 8,103,274 issued on Jan. 24, 2012, and U.S. Ser. No. 12/252,202 filed Oct. 15, 2008, entitled, “SYSTEM, METHOD, AND COMPUTER-READABLE MEDIUM FOR USER EQUIPMENT HANDOFF WITHIN AN IP-FEMTOCELL NETWORK” and U.S. Ser. No. 12/252,204 filed Oct. 15, 2008, entitled, “SYSTEM, METHOD, AND COMPUTER-READABLE MEDIUM FOR USER EQUIPMENT ACQUISITION OF AN IP-FEMTOCELL SYSTEM” and U.S. Ser. No. 12/252,210 filed Oct. 15, 2008, entitled, “SYSTEM, METHOD, AND COMPUTER-READABLE MEDIUM FOR USER EQUIPMENT HANDOFF FROM A MACROCELLULAR NETWORK TO AN IP-FEMTOCELL NETWORK” and U.S. Ser. No. 12/252,212 filed Oct. 15, 2008, entitled, “SYSTEM, METHOD, AND COMPUTER-READABLE MEDIUM FOR CONFIGURATION OF AN IP-FEMTOCELL SYSTEM” and U.S. Ser. No. 12/252,217 filed Oct. 15, 2008, entitled, “SYSTEM, METHOD, AND COMPUTER-READABLE MEDIUM FOR MOBILE-TO-MOBILE CALLS WITHIN FEMTOCELL NETWORK”, now issued U.S. Pat. No. 8,224,291 issued on Jul. 17, 2012, and U.S. Ser. No. 12/252,222 filed Oct. 15, 2008, entitled, “SYSTEM, METHOD, AND COMPUTER-READABLE MEDIUM FOR ACCESS RESTRICTION OF USER EQUIPMENT DEVICES IN AN IP-FEMTOCELL SYSTEM” and U.S. Ser. No. 12/252,226 filed Oct. 15, 2008, entitled, “SYSTEM, METHOD, AND COMPUTER-READABLE MEDIUM FOR ABBREVIATED-CODE DIALING IN A NETWORK SYSTEM”, now issued U.S. Pat. No. 8,346,216 issued on Jan. 1, 2013, and U.S. Ser. No. 12/252,227 filed Oct. 15, 2008, entitled, “SYSTEM, METHOD, AND COMPUTER-READABLE MEDIUM FOR MULTI-STAGE TRANSMIT PROTECTION IN A FEMTOCELL SYSTEM” and U.S. Ser. No. 12/252,234 filed Oct. 15, 2008, entitled, “SYSTEM, METHOD, AND COMPUTER-READABLE MEDIUM FOR MOBILE TERMINATED CALL PROCESSING BY A FEMTOCELL SYSTEM”, now issued U.S. Pat. No. 8,059,585 filed on Nov. 15, 2011, and PCT Ser. No. PCT/US08/80031 filed Oct. 15, 2008, entitled, “SYSTEM, METHOD, AND COMPUTER-READABLE MEDIUM FOR PROCESSING CALL ORIGINATIONS BY A FEMTOCELL SYSTEM” and PCT Ser. No. PCT/US08/80032 filed Oct. 15, 2008, entitled, “SYSTEM, METHOD, AND COMPUTER-READABLE MEDIUM FOR SHORT MESSAGE SERVICE PROCESSING BY A FEMTOCELL SYSTEM” and PCT Ser. No. PCT/US08/80033 filed Oct. 15, 2008, entitled, “SYSTEM, METHOD, AND COMPUTER-READABLE MEDIUM FOR USER EQUIPMENT REGISTRATION AND AUTHENTICATION PROCESSING BY A FEMTOCELL SYSTEM”.

FIELD OF THE INVENTION

The present invention is generally related to radio access technologies and, more particularly, to mechanisms for facilitating mobile station registration and authentication via a femtocell system.

BACKGROUND OF THE INVENTION

Contemporary cellular radio systems, or mobile telecommunication systems, provide an over-the-air interface to wireless mobile stations (MSs), also referred to as user equipments (UEs), via a radio access network (RAN) that interfaces with at least one core network. The RAN may be implemented as, for example, a CDMA2000 RAN, a Universal Mobile Telecommunications System (UMTS) RAN, a Global System for Mobile communications (GSM) RAN, or another suitable radio access network implementation. The MSs may comprise, for example, a mobile terminal such as a mobile telephone, a laptop computer featuring mobile telephony software and hardware, a personal digital assistant (PDA), or other suitable equipment adapted to transfer and receive voice or data communications with the radio access network.

A RAN covers a geographical area comprised of any number of cells each comprising a relatively small geographic area of radio coverage. Each cell is provisioned by a cell site that includes a radio tower, e.g., a base transceiver station (BTS), and associated equipment. BTSs communicate with MSs over an air interface within radio range of the BTSs.

Numerous BTSs in the RAN may be communicatively coupled to a base station controller (BSC), also commonly referred to as a radio network controller (RNC). The BSC manages and monitors various system activities of the BTSs serviced thereby. BSCs are typically coupled with at least one core network.

BTSs are typically deployed by a carrier network in areas having a high population density. The traffic capacity of a cell site is limited by the site's capacity and affects the spacing of cell sites. In suburban areas, sites are often up to two miles apart, while cell sites deployed in dense urban areas may be as close as one-quarter of a mile apart. Because the traffic capacity of a cell site is finitely limited, as is the available frequency spectrum, mobile operators have a vested interest in technologies that allow for increased subscriber capacity.

A microcell site comprises a cell in a mobile phone network that covers a limited geographic area, such as a shopping center, hotel, airport, or other infrastructure that may have a high density mobile phone usage. A microcell typically uses power control to limit the radius of the microcell coverage. Typically a microcell is less than a mile wide.

Although microcells are effective for adding network capacity in areas with high mobile telephone usage, microcells extensively rely on the RAN, e.g., a controlling BSC and other carrier functions. Because contemporary BSCs have limited processing and interface capacity, the number of BTSs—whether microcell BTSs or typical carrier BTSs—able to be supported by the BSC or other RAN functions is disadvantageously limited.

Contemporary interest exists in providing enterprise and office access, including small office/home office (SOHO) radio access, by an even smaller scale BTS. The radio coverage area of such a system is typically referred to as a femtocell. In a system featuring a femtocell, an MS may be authorized to operate in the femtocell when proximate the femtocell system, e.g., while the MS is located in the SOHO. When the MS moves beyond the coverage area of the femtocell, the MS may then be serviced by the carrier network. The advantages of deployment of femtocells are numerous. For instance, mobile users frequently spend large amounts of time located at, for example, home, and many such users rely extensively on cellular network service for telecommunication services during these times. For example, a recent survey indicated that nearly thirteen percent of U.S. cell phone customers do not have a landline telephone and rely solely on cell phones for receiving telephone service. From a carrier perspective, it would be advantageous to have telephone services provisioned over a femtocell system, e.g., deployed in the user's home, to thereby reduce the load and effectively increase the capacity on the carrier RAN infrastructure. However, no efficient mechanisms have been provided for efficiently providing a convergence of femtocell and macrocellular systems in a manner that facilitates registration and authentication of mobile stations via a femtocell system.

Therefore, what is needed is a mechanism that overcomes the described problems and limitations.

SUMMARY OF THE INVENTION

The present invention provides a system, method, and computer readable medium for facilitating authentication center-initiated authentication procedures for a mobile station attached with a femtocell system. A femtocell system may generate a registration identification of a mobile station from one or more mobile station authentication parameters. A convergence server located in a core network receives an authentication procedure request from an authentication center for the mobile station attached with the femtocell system and generates an authentication procedure request message that includes a registration identifier assigned to the mobile station. The convergence server then transmits the authentication procedure request message to the femtocell system and receives a response to the authentication procedure request message from the femtocell system. In an embodiment, the authentication procedure request comprises a unique challenge. In another embodiment, the authentication procedure request comprises a shared secret data update procedure. In yet another embodiment, the authentication procedure request comprises a call history count update procedure.

In accordance with an embodiment, a method of providing an authentication center-initiated authentication procedure to a mobile station attached with a femtocell system is provided. The method includes receiving, by a convergence server located in a core network, an authentication procedure request from an authentication center for the mobile station attached with the femtocell system, generating, by the convergence server, an authentication procedure request message that includes a registration identifier assigned to the mobile station, transmitting, by the convergence server, the authentication procedure request message to the femtocell system, and receiving, by the convergence server, a response to the authentication procedure request message from the femtocell system.

In accordance with another embodiment, a computer-readable medium having computer-executable instructions tangibly embodied thereon for execution by a processing system, the computer-executable instructions for providing an authentication center-initiated authentication procedure to a mobile station attached with a femtocell system, is provided. The computer-readable medium includes instructions that, when executed, cause the processing system to receive, by a convergence server located in a core network, an authentication procedure request from an authentication center for the mobile station attached with the femtocell system, generate, by the convergence server, an authentication procedure request message that includes a registration identifier assigned to the mobile station, transmit, by the convergence server, the authentication procedure request message to the femtocell system, receive, by the convergence server, a response to the authentication procedure request message from the femtocell system, and map the authentication procedure to the mobile station using the registration identifier.

In accordance with another embodiment, a network system that provides authentication center-initiated authentication procedures for mobile stations is provided. The network system includes a core network that includes a convergence server, a mobile core network that includes an authentication center, and an Internet Protocol-based femtocell system that provides a radio access point for a mobile station. The convergence server receives an authentication procedure request from the authentication center for the mobile station, generates an authentication procedure request message that includes a registration identifier assigned to the mobile station, transmits the authentication procedure request message to the femtocell system, and receives a response to the authentication procedure request message from the femtocell system. The femtocell system maps the authentication procedure to the mobile station using the registration identifier.

BRIEF DESCRIPTION OF THE DRAWINGS

Aspects of the present disclosure are best understood from the following detailed description when read with the accompanying figures, in which:

FIG. 1 is a diagrammatic representation of a network system that includes a cellular network adapted to provide macro-cellular coverage to a mobile station;

FIG. 2 is a diagrammatic representation of a conventional network system configuration featuring a femtocell system;

FIG. 3A is a diagrammatic representation of a network system in which a femtocell system implemented in accordance with an embodiment of the invention may be deployed;

FIG. 3B is a diagrammatic representation of an alternative network system in which a femtocell system implemented in accordance with an embodiment of the invention may be deployed;

FIG. 4 is a simplified diagrammatic representation of femtocell system that facilitates provisioning of a femto-RAN in accordance with an embodiment;

FIG. 5 depicts a block diagram of a data processing system that may be implemented as a convergence server in accordance with an embodiment of the present invention;

FIG. 6 depicts a diagrammatic representation of a registration and authentication process on initial system access by a mobile station via a femtocell system in a non-Internet Protocol Multimedia Subsystem network implemented in accordance with an embodiment;

FIG. 7 depicts a diagrammatic representation of a registration and authentication process on initial system access by a mobile station via a femtocell system in an Internet Protocol Multimedia Subsystem network implemented in accordance with an embodiment;

FIG. 8 depicts a diagrammatic representation of an authentication center-initiated unique challenge process for a registered mobile station attached with a femtocell system in accordance with an embodiment;

FIG. 9A is a diagrammatic representation of an authentication request message transmitted to a femtocell system from an authentication center implemented in accordance with an embodiment;

FIG. 9B is a diagrammatic representation of an authentication response message transmitted from a femtocell system to an authentication center implemented in accordance with an embodiment;

FIG. 10 depicts a diagrammatic representation of an authentication center-initiated shared secret data key update process implemented in accordance with an embodiment;

FIG. 11A is a diagrammatic representation of a shared secret data key update request message implemented in accordance with an embodiment and produced in response to an authentication center-initiated shared secret data key update;

FIG. 11B is a diagrammatic representation of a shared secret data key update response message implemented in accordance with an embodiment;

FIG. 11C is a diagrammatic representation of a base station challenge request message implemented in accordance with an embodiment;

FIG. 11D is a diagrammatic representation of a base station challenge response message implemented in accordance with an embodiment;

FIG. 12 depicts a diagrammatic representation of an authentication center-initiated call history count update process implemented in accordance with an embodiment;

FIG. 13A is a diagrammatic representation of a parameter update request message implemented in accordance with an embodiment; and

FIG. 13B is a diagrammatic representation of a parameter update response message implemented in accordance with an embodiment.

DETAILED DESCRIPTION OF THE INVENTION

It is to be understood that the following disclosure provides many different embodiments or examples for implementing different features of various embodiments. Specific examples of components and arrangements are described below to simplify the present disclosure. These are, of course, merely examples and are not intended to be limiting.

FIG. 1 is a diagrammatic representation of a network system 100 that includes a cellular network 110 adapted to provide macro-cellular coverage to a mobile station. Cellular network 110 may comprise, for example, a code-division multiple access (CDMA) network, such as a CDMA-2000 network.

Cellular network 110 may include any number of base transceiver stations (BTSs) 112a-112c communicatively coupled with a base station controller (BSC) 114 or RNC. Each individual BTS 112a-112c under the control of a given BSC may define a radio cell operating on a set of radio channels thereby providing service to an MS 125, such as a mobile terminal. BSC 114 manages the allocation of radio channels, receives measurements from mobile terminals, controls handovers, as well as various other functions as is understood. BSC 114 is interconnected with a Mobile Switching Center (MSC) 116 that provides mobile terminal exchange services. BSC 114 may be additionally coupled with a packet data serving node (PDSN) 118 or other gateway service that provides a connection point between the CDMA radio access network and a packet network, such as Internet 160, and provides mobility management functions and packet routing services. MSC 116 may communicatively interface with a circuit switched network, such as the public switched telephone network (PSTN) 150, and may additionally be communicatively coupled with an interworking function (IWF) 122 that provides an interface between cellular network 110 and PSTN 150.

System 100 may also include a signaling system, such as a signaling system #7 (SS7) network 170. SS7 network 170 provides a set of telephony signaling protocols which are used to set up the vast majority of the world's PSTN telephone calls. SS7 network 170 is also used in cellular networks for circuit switched voice and packet-switched data applications. As is understood, SS7 network 170 includes various signaling nodes, such as any number of service control points (SCPs) 172, signal transfer points (STPs) 174, and service switching points (SSPs) 176.

BTSs 112a-112c deployed in cellular network 110 may service numerous network 110 subscribers. Cell sites provided by BTSs 112a-112c commonly feature site ranges of a quarter to a half mile, e.g., in densely populated urban areas, to one to two miles in suburban areas. In other remotely populated regions with suitable geography, site ranges may span tens of miles and may be effectively limited in size by the limited transmission distance of relatively low-powered MSs. As referred to herein, a cell provided by a BTS deployed in carrier network 110 for access by any authorized network 110 subscriber is referred to as a macrocell.

FIG. 2 is a diagrammatic representation of a conventional network system 200 configuration featuring a femtocell. In the depicted example, a central BSC 214 deployed in a cellular carrier network 210 may connect with a soft switch core 212 that is connected with a MSC 216. MSC 216 connects with the cellular core network and may interface with other networks, such as the PSTN as is understood. BSC 214 may be connected with and service numerous BTSs 212a-212c that provide macrocells to cellular network 210 subscribers.

BSC 214 may additionally connect with a tunnel gateway system 218 that is adapted to establish secured tunnels 232a-232x with respective femtocell systems 250a-250x. Femtocells comprise cellular access points that connect to a mobile operator's network using, for example, a residential Digital Subscriber Line (DSL) or cable broadband connection. Femtocells 250a-250x provide a radio access point for MS 225 when the MS is within range of a femtocell system with which the MS has authorized access. For example, femtocell system 250a may be deployed in a residence of the user of MS 225. Accordingly, when the user is within the residence, mobile telecommunications may be provided to MS 225 via an air-interface provided by femtocell system 250a. In this instance, MS 225 is effectively offloaded from the macro BTS, e.g., BTS 212a, and communications to and from the MS are carried out with femtocell system 250a over Internet 260. Thus, femtocell systems 250a-250x may reduce the carrier radio resource demands by offloading MSs from macrocells to femtocells and thereby provide for increased subscriber capacity of cellular network 210.

In contemporary implementations such as that depicted in FIG. 2, a femtocell system 250a comprises a transceiver without intelligence and is thus required to be connected and managed by BSC 214. Thus, femtocell systems 250a-250x are reliant on the carrier network centralized BSC 214 which has limited capacity and thus does not exhibit desirable scaling characteristics or capabilities. Moreover, high communications overhead is realized by the BTS backhaul.

FIG. 3A is a diagrammatic representation of a network system 300 in which a femtocell system implemented in accordance with an embodiment of the invention may be deployed. System 300 includes a mobile core network 310 implemented as, for example, a code division multiple access (CDMA) core network that interfaces with a SS7 network 370. Mobile core network 310 may include a Messaging Center (MC) 312, a Home Location Register (HLR) 314, an authentication center (AC) 315, a Mobile Switching Center (MSC) 316, a Packet Data Serving Node (PDSN) 318, and various other components. The HLR 314 is a central database that contains details of each MS subscriber authorized to use the mobile core network 310. There may be several HLRs deployed in the core network 310. The HLR 314 maintains details of each Subscriber Identity Module (SIM) card issued by the mobile network operator, e.g., the International Mobile Subscriber Identity (IMSI) stored in the SIM card, services authorized for the associated user, a location of the MS, and various other information. The HLR 314 may interface with the AC 315 that functions to facilitate authentication of MSs that access the cellular network. The MSC 316 provides mobile terminal exchange services and may communicatively interface with a circuit switched network, such as the public switched telephone network. The MSC 316 handles voice calls and Short Message Service (SMS), sets up and releases end-to-end connections, and handles mobility and hand-over requirements during calls as well as other functions. The PDSN 318 provides an interface between the radio access and IP networks. The PDSN 318 provides, for example, mobility management functions and packet routing functionality.

System 300 includes an Internet Protocol (IP) core network 320 that interfaces with the SS7 network 370, e.g., via IS-41. In accordance with an embodiment, the IP core network 320 includes a convergence server (CS) 322, a softswitch/Media Gateway Controller Function (MGCF) 324, and a Media Gateway (MGW) 326 among other components. The CS 322 may be communicatively coupled with the SS7 network 370 and a Packet Data Interworking Function (PDIF) 332, e.g., via Session Initiation Protocol (SIP) communications. The CS 322 provides SIP registration functions and a central interface point to Voice over Internet Protocol (VoIP) elements and the softswitch/MGCF 324. The CS 322 further provides SIP-MSC and Interworking functions between existing VoIP network elements and the operator's core network. To this end, the CS 322 may interface directly with the MC 312 and the HLR 314 using, for example, a TIA-41 interface.

The softswitch/MGCF 324 may be communicatively coupled with the CS 322, e.g., via SIP communications, with the SS7 network 370, and with the MGW 326. The softswitch/MGCF 324 may connect calls from one device to another and perform call control protocol conversion, for example, between SIP and ISDN User Part (ISUP). The MGW 326 may be communicatively coupled with the SS7 network 370 and the PDIF 332 in addition to the softswitch/MGCF 324. The MGW 326 may convert data between real-time transport protocol (RTP) and pulse code modulation (PCM), and may also be employed for transcoding. Resources of the MGW 326 may be controlled by the softswitch/MGCF 324.

In accordance with an embodiment, the system 300 may include a Security Server (SS) 330 that interfaces with the SS7 network 370, e.g., via IS-41, and the PDIF 332, e.g., via a Wm interface. The PDIF 332 facilitates access to the IP core network 320 via WiFi access points and may be responsible for such services as, for example, security, access, authentication, policy enforcement, user information collection, and IP address allocation as well as other services. The PDIF 332 may interface, e.g., via SIP communications, with the CS 322, and may have Real-time Transport Protocol (RTP) communications with the MGW 326. Further, the PDIF 332 may have secured IP communications, e.g., IPsec, established with one or more femtocell systems, e.g., a femtocell system 350 deployed at a user premise, such as a home office. The secured communications may be established between the PDIF 332 and the femtocell system 350 over, for example, a broadband network 360 interface such as a residential DSL or cable broadband connection. The femtocell system 350, in turn, provides a radio access point for one or more MSs 325 when the MS 325 is within range of the femtocell system 350 with which the MS 325 has authorized access.

In accordance with an embodiment, a femtocell system 350 may include integrated BTS and BSC functions and may feature additional capabilities available in the provided femtocell site coverage area. Femtocell system 350 provides an IP-accessible radio access network, is adapted for operation with IP core network 320, and provides radio link control functions. Femtocell system 350 may be communicatively coupled with broadband network 360 via any variety of backhaul technologies, such as an 802.11x link, a 10/100 BaseT LAN link, a T1/E1 Span or fiber, cable set top box, DSL modem connected with a central office digital subscriber line access multiplexer, a very small aperture terminal (VSAT), or another suitable backhaul infrastructure.

In an embodiment, femtocell system 350 includes a session initiation protocol (SIP) adapter that supports a SIP client pool and provides conversion of call set-up functions to SIP client set-up functions. To this end, the femtocell system 350 may be allocated an IP address. Additionally, femtocell system 350 includes electronic serial number (ESN) screening and/or Mobile Equipment Identifier (MEID) screening to allow only designated MSs to access the femtocell. Configuration of the femtocell system 350 with ESN(s) or MEID(s) may be made as part of an initial femtocell system 350 activation.

In another embodiment, a femtocell system 350 may be implemented as a 3G-compliant entity, e.g., to service UMTS mobile terminals, and may be deployed in a small office/home office (SOHO) or other suitable enterprise. To this end, the femtocell system 350 may include an integrated RNC and radio node (RN). In a particular implementation, the femtocell system 350 may be implemented as an Evolution-Data Optimized (EV-DO) entity, e.g., a 1xEV-DO integrated IP-RAN. The femtocell system 350 provides an IP-accessible radio access network and provides radio link control functions.

FIG. 3B is a diagrammatic representation of an alternative network system 301 in which a femtocell system implemented in accordance with an embodiment of the invention may be deployed. System 301 includes a mobile core network 310 implemented as, for example, a CDMA core network that interfaces with a SS7 network 370. The mobile core network 310 may include an MC 312, an HLR 314, an AC 315, an MSC 316, and a PDSN 318, and various other components as described above with regard to the mobile core network 310 of FIG. 3A.

System 301 includes an IP Multimedia Subsystem (IMS) core network 321 that interfaces with the SS7 network 370. In accordance with an embodiment, the IMS core network 321 includes a CS 322, a MGCF 325, an MGW 326, an X-Call Session Control Function (X-CSCF) 328, and a Home Subscriber Server (HSS) 329 among other components. The X-CSCF 328 processes SIP signaling packets and provides a centralized interface for control and signaling including SIP registration functions in accordance with disclosed embodiments. The X-CSCF 328 may provide Interrogating-CSCF (I-CSCF) services, Proxy-CSCF (P-CSCF) services, and Serving-CSCF (S-CSCF) services. The X-CSCF 328 comprises various SIP servers or proxies that process SIP signaling packets in the IMS core network 321. P-CSCF services provided by X-CSCF may include provisioning a first point of contact for an IMS-compliant MS. In such a situation, the X-CSCF may be located in a visited network or in an MS's home network if the visited network is not fully IMS-compliant. An MS may discover the X-CSCF 328, e.g., by using Dynamic Host Configuration Protocol (DHCP), or by assignment in a packet data protocol context. S-CSCF services provided by the X-CSCF 328 include provisioning as a central node of the signaling plane. To this end, the S-CSCF comprises a SIP server, but additionally performs session control. Further, the X-CSCF 328 is interfaced with the HSS 329 and/or HLR 314 to download and upload user profiles for providing S-CSCF services. The X-CSCF 328 further includes a SIP function for providing I-CSCF services. To this end, the X-CSCF 328 has an IP address that is published in the Domain Name System (DNS) that facilitates location of the X-CSCF 328 by remote servers. Thus, I-CSCF services of the X-CSCF 328 may be used as a forwarding point for receipt of SIP packets within the domain.

The CS 322 may be configured to operate as an IMS application server that interfaces with the X-CSCF 328 using the ISC interface. The HSS 329 comprises a user database that supports IMS network entities that manage or service calls. The HSS 329 contains subscription-related information, e.g., subscriber profiles, may perform authentication and authorization of users, and may provide information about locations of MSs and IP information. In a fully standard IMS architecture, the CS 322 may interface with the HSS 329. However, in other scenarios, the HLR 314 may anchor the service even with the HSS 329 deployed within the system 301. Accordingly, the CS 322 may be communicatively interfaced with the HLR 314 for location updates using, for example, a TIA-41 interface. Further, the CS 322 is preferably interfaced with the MC 312 using, for example, a TIA-41 interface.

The CS 322 may be communicatively coupled with the SS7 network 370, the MGCF 325, e.g., via SIP communications, the X-CSCF 328, e.g., via ISC, and the HSS 329, e.g., via an Sh interface. The MGCF 325 may be communicatively coupled with the MGW 326, e.g., via an Mn interface, the X-CSCF 328, e.g., via an Mg interface, and the SS7 network 370 in addition to the CS 322. The MGW 326 may be communicatively coupled with the SS7 network 370 and a PDIF 332 in addition to the MGCF 325. The MGW 326 may convert data between RTP and PCM, and may also be employed for transcoding. Resources of the MGW 326 may be controlled by the MGCF 325. The X-CSCF 328 may be communicatively coupled with the PDIF 332 for exchanging SIP communications therewith and the HSS 329, e.g., via a Cx interface, in addition to the CS 322 and the MGCF 325. The HSS 329 may be communicatively coupled with the SS7 network 370, e.g., via IS-41, and a SS 330, e.g., via a Wx interface. The SS 330 may be coupled with the PDIF 332, e.g., via a Wm interface.

The PDIF 332 facilitates access to the IMS core network 321 via WiFi access points and may be responsible for such services as, for example, security, access, authentication, policy enforcement, user information collection, and IP address allocation as well as other services. The PDIF 332 may have RTP communications with the MGW 326. Further, the PDIF 332 may have secured IP communications, e.g., IPsec, established with one or more femtocell systems, e.g., a femtocell system 350 deployed at a user premise, such as a home office. The secured communications may be established between the PDIF 332 and the femtocell system 350 over, for example, a broadband network 360 interface such as residential DSL or cable broadband connection. The femtocell system 350, in turn, provides a radio access point for one or more MSs 325 when the MS 325 is within range of the femtocell system 350 with which the MS 325 has authorized access.

FIG. 4 is a simplified diagrammatic representation of femtocell system 350 that facilitates provisioning of a femto-RAN in accordance with an embodiment. Femtocell system 350 includes an antenna 410 coupled with a RN 412. RN 412 may be implemented, for example, as a 1xEV-DO ASIC device for provisioning a 1xEV-DO Rev. 0 air interface or a 1xEV-DO Rev. A air interface. RN 412 may be communicatively coupled with a RNC 414 that provides radio control functions, such as receiving measurements from MSs, control of handovers to and from other femtocell systems, and may additionally facilitate handoff to or from macrocells. RNC 414 may also provide encryption/decryption functions, power, load, and admission control, packet scheduling, and various other services.

Femtocell system 350 includes an electronic serial number screening function 416 that may facilitate approving or rejecting service for an MS by femtocell system 350. Additionally, femtocell system 350 includes an Internet Operating System (IOS) and SIP Adapter (collectively referred to as IOS-SIP Adapter 418). IOS-SIP adapter 418 may invoke and manage SIP clients, such as a user agent (UA) pool comprising one or more UAs. Each MS authorized to be serviced by femtocell system 350 may have a UA allocated therefor by femtocell system 350 in a manner that facilitates transmission of communications to and from an MS over an IP backhaul. Accordingly, when an authorized MS is within the femtocell system 350 site range, telecommunication services may be provided to the MS via the IP backhaul and the femtocell system 350 provisioned RAN. When the MS is moved beyond the service range of femtocell system 350, telecommunication service may then be provided to the MS via macrocellular coverage. Femtocell system 350 may perform a DNS/ENUM registration on behalf of MSs authorized to obtain service from femtocell system 350 and may generate and issue a SIP registration on behalf of an MS authorized for service access by the femtocell system 350.

FIG. 5 depicts a block diagram of a data processing system that may be implemented as a convergence server 322 in accordance with an embodiment of the present invention. CS 322 may be a symmetric multiprocessor (SMP) system including a plurality of processors 502 and 504 connected to a system bus 506. Alternatively, a single processor system may be employed. Also connected to system bus 506 is memory controller/cache 508 which provides an interface to local memory 509. An I/O bus bridge 510 is connected to system bus 506 and provides an interface to an I/O bus 512. Memory controller/cache 508 and I/O bus bridge 510 may be integrated as depicted.

Peripheral component interconnect (PCI) bus bridge 514 connected to I/O bus 512 provides an interface to PCI local bus 516. A number of modems may be connected to a PCI local bus 216. Communication links to clients may be provided through a modem 518 and network adapter 520 connected to PCI local bus 516 through add-in connectors.

Additional PCI bus bridges 522 and 524 provide interfaces for additional PCI local buses 526 and 528, from which additional modems or network adapters may be supported. In this manner, server 322 allows connections to multiple system nodes. A memory-mapped graphics adapter 530 and hard disk 532 may also be connected to I/O bus 512 as depicted, either directly or indirectly.

Those of ordinary skill in the art will appreciate that the hardware depicted in FIG. 5 may vary. For example, other peripheral devices, such as optical disk drives and the like, also may be used in addition to or in place of the hardware depicted. The depicted example is not meant to imply architectural limitations with respect to the present invention.

While the CS 322 depicted in FIG. 5 comprises an SMP system, it should be understood that any variety of server configurations and implementations may be substituted therefor. The depicted server 322 is provided only to facilitate an understanding of disclosed embodiments, and the configuration of the CS 322 is immaterial with regard to the disclosed embodiments.

In many CDMA networks, a subscriber is uniquely identified by the combination of an electronic serial number (ESN) and a mobile identification number (MIN). A mobile equipment identifier (MEID) is an extension of the ESN that facilitates an increase in the number of manufacturers' codes. A pseudo-ESN (p-ESN) may be derived from the MEID to be used in place of the ESN. The MIN-ESN, or MIN-p-ESN, combination is used primarily for registration and authentication functions. Contemporary CDMA MSs may support an international mobile station identity (IMSI) and use the IMSI in place of the MIN to offer an improved address space and utilization by international applications. With the introduction of IMSI, the concept of a mobile station identity may be either an MIN or an IMSI. Due to the variations in different parameters for identification, it is assumed herein that a unique identifier is included in the username portion of the To Header of a SIP:REGISTER request to create and identify the mobile station subscriber during the registration procedures described hereinbelow. This unique identifier is referred to herein as the register ID (RegID). An optional network dependent predefined prefix may be stripped from the register ID prior to use in the convergence server functions. The register ID may contain an MIN or an IMSI paired with either an MEID, an ESN, or a p-ESN. However, other options may be suitably implemented without departing from the disclosed embodiments.

In accordance with an embodiment, the CS 322 emulates the functionality of a MSC and Visitor Location Register (VLR) to facilitate authentication and registration of MSs in a carrier's CDMA network. To this end, the CS 322 may interface with the HLR 314 for authentication, location updates, and other services using an IS-41 interface.

In a pre-IMS environment, e.g., such as network system 300 depicted in FIG. 3A, the CS 322 receives a SIP:REGISTER message directly from the femtocell system 350, or from the femtocell system 350 acting as a proxy for the MS 325. The CS 322 provides SIP registration functions and is the central interface point to the softswitch/MGCF 324 and VoIP elements.

In an IMS network such as network system 301 depicted in FIG. 3B, the CS 322 functions as an IMS application server, and the IMS infrastructure provides the centralized interface control and signaling including SIP registration functions. In this environment, the femtocell system 350 itself, or alternatively the femtocell system 350 acting as a proxy for the MS 325, sends a SIP:REGISTER (e.g., via other CSCFs) to the S-CSCF which performs a third-party registration of the MS 325 with the CS 322 based on initial filter criteria stored in the HSS 329.

In an embodiment, the femtocell system 350 may be configured to support “Global Challenge” based authentication on all system access (e.g., Registration, Call Origination, Call Termination, and Data Burst messages). The femtocell system may indicate a Global Challenge request by setting an authentication bit (e.g., AUTH=1) in the overhead message train (OMT). The femtocell system 350 may also include a global random challenge value (RAND) used in generating the authentication result by both the MS and the HLR/AC.

The femtocell system preferably establishes an IPsec tunnel over the broadband network with the PDIF 332 or, alternatively, a P-CSCF before sending any SIP traffic to the CS 322. The IPsec tunnel may be established immediately after the femtocell system 350 is powered on or when an MS 325 attempts to establish a connection with the femtocell system 350. In this implementation, the CS 322 is not involved in establishing the IPsec tunnel.

In an embodiment, the CS 322 may be configured to receive CDMA-1x authentication data at the end of a SIP registration message using a SIP:MESSAGE received from the femtocell system 350. In this manner, the CS 322 conveys the result of the 1x authentication and, if needed, performs various authentication procedures, such as a unique challenge, SSD update, and a call history count.

FIG. 6 depicts a diagrammatic representation of a registration and authentication process 600 on initial system access by an MS via a femtocell system in a non-IMS network, such as network system 300 depicted in FIG. 3A, implemented in accordance with an embodiment. A SIP registration phase is invoked by transmission of an OMT by the femtocell system 350 (step 602). An OMT facilitates autonomous registration and may, for example, be transmitted on paging/access channels. Transmission of the OMT by the femtocell system 350 may be made at a predefined interval, e.g., once a second. The OMT may include parameters for system and region identification and may be distinguished from OMTs transmitted by other entities, e.g., by macro BTSs. An MS 325 in idle mode may detect the OMT when the MS 325 is within range of the femtocell system 350. In accordance with an embodiment, the OMT transmitted by the femtocell system 350 includes an authentication bit (AUTH) having a value, e.g., “1”, that indicates authentication is required for all system access. Further, the OMT includes a random number (RAND) generated by the femtocell system 350.

Based on the values in the OMT, the MS determines that a new serving system has been encountered and that authentication is required based on the authentication bit value (AUTH=1). Subsequently, the MS 325 attempts to obtain the random number (RAND) to be used for the authentication from the OMT. If the random number is not available, a zero value may be used by the MS as prescribed by TR-45 authentication procedures. The MS 325 then generates an authentication result (AUTHR). For example, the MS 325 may generate an authentication result from a shared secret data key (SSD-A) stored by the MS 325, the ESN or p-ESN, the MIN, and the RAND value obtained from the OMT. The authentication result may be generated, for example, by execution of the well known CAVE algorithm by the MS 325. The MS then transmits a registration request to the femtocell system 350 (step 604). The register message may include the MS's MIN, ESN or p-ESN, the authentication result (AUTHR), a CallHistoryCount (COUNT), and a random confirmation (RANDC) derived from the random number (RAND) used to compute the authentication result (AUTHR).

On receiving the registration request from the MS 325, the femtocell system 350 sends a SIP:REGISTER message to the CS 322 (step 606) in accordance with an embodiment that includes the unique register ID associated with the MS, e.g., derived from an MIN or an IMSI paired with either an MEID, an ESN, or a p-ESN.

Optionally, the femtocell system 350 may establish an IPsec tunnel with the PDIF 332. The CS 322 then acknowledges receipt of the SIP:REGISTER message by transmitting a 200 OK SIP response to the femtocell system 350 (step 608).

A registration phase is then invoked by the femtocell system 350 transmitting 1x authentication parameters received from the MS 325 at step 604 to CS 322 in a SIP:MESSAGE(LOCATION_UPDATING_REQUEST) (step 610). The location updating request message includes the random number (RAND) rather than the random number confirmation (RANDC). The location updating request message additionally may include parameters, such as a Register ID, ESN, MEID, MIN, IMSI, etc. Using the Register ID, the CS 322 may associate the location updating request with the preceding SIP:REGISTER request received thereby from the femtocell system 350 in step 606. If the location updating request message includes a P-Access-Network-Info (PANI) header that may specify information about the access technology, the CS 322 may save the PANI information.

The CS 322 acknowledges receipt of the location updating request message by transmitting a 200 OK SIP response to the femtocell system 350 (step 612). Network authentication and registration then occurs via exchanges between the CS 322 and HLR/AC (step 614). As part of the authentication response, the HLR/AC may trigger Unique Challenge, SSD update, or CountUpdate procedures.

The CS 322 informs the femtocell system 350 of the authentication and registration results by transmitting a SIP location updating response message to the femtocell system 350 (step 616). In the event of an authentication or registration failure, the CS 322 may send a SIP:MESSAGE containing, for example, an XML-encoded message body that facilitates deregistration of the femtocell system 350. The femtocell system 350 acknowledges receipt of the authentication and registration results by sending a 200 OK SIP response to the CS 322 (step 618). In the event of either a registration or authentication failure, a deregistration process 630 is invoked by the femtocell system 350 transmitting a deregistration message, e.g., a SIP:REGISTER message with an expire value “0”, to the CS 322 (step 620). The CS 322 acknowledges receipt of the deregistration message by transmitting a 200 OK SIP response to the femtocell system 350 (step 622).

FIG. 7 depicts a diagrammatic representation of a registration and authentication process 700 on initial system access by an MS via a femtocell system in an IMS network, such as network system 301 depicted in FIG. 3B, implemented in accordance with an embodiment. In this implementation, it is assumed that the MS comprises a standard 1x mobile phone and the femtocell system 350 is configured to operate as an IMS client on behalf of the mobile stations attached with the femtocell system 350. When an MS attempts to establish a connection with the femtocell system 350, the femtocell system 350 first attempts to register in the IMS network on behalf of the MS. As part of the registration, the IMS network may perform IMS-AKA authentication or, alternatively, allow the registration without performing any authentication. Further, in the described implementation, it is assumed that the CS 322 is configured to act as an application server (AS) in the IMS domain, and that it receives 3rd-party registration requests from the S-CSCF at the end of the IMS network registration process.

The femtocell system 350 transmits an OMT (step 702) at a predefined interval. An MS 325 in idle mode may detect the OMT when the MS 325 is within range of the femtocell system 350 as described above with reference to FIG. 3A. The OMT transmitted by the femtocell system 350 may include an authentication bit (AUTH) having a value, e.g., “1”, that indicates authentication is required for all system access, and a random number (RAND) generated by the femtocell system 350. On receipt of the OMT, the MS determines that a new serving system has been encountered and that authentication is required based on the authentication bit value (AUTH=1). Subsequently, the MS 325 attempts to obtain the random number (RAND) to be used for the authentication from the OMT. If the random number is not available, a zero value may be used by the MS as prescribed by TR-45 authentication procedures. The MS 325 then generates an authentication result (AUTHR), and transmits a registration request to the femtocell system 350 (step 704). The registration message may include the MS's MIN, ESN or p-ESN, the authentication result (AUTHR), a CallHistoryCount (COUNT), and a random number confirmation (RANDC) derived from the random number (RAND) used to compute the authentication result (AUTHR).

An IMS registration phase 730 is then initiated by the femtocell system 350 sending a registration request to the S-CSCF (step 706). The S-CSCF then sends a 3rd-party registration request to the CS 322 (step 708), and the CS 322 returns a 200 OK SIP response to the S-CSCF (step 710) for the 3rd-party registration which completes the IMS network registration.

If the registration fails, the CS 322 informs the femtocell system 350 to perform IMS network deregistration. Assuming the registration is successful, an authentication process is then invoked by the femtocell system 350 transmitting 1x authentication parameters received from the MS 325 at step 704 to CS 322 in a SIP:MESSAGE(LOCATION_UPDATING_REQUEST) (step 712). The location updating request message includes the random number (RAND) rather than the random number confirmation (RANDC). The location updating request message additionally may include parameters, such as a Register ID, ESN, MEID, MIN, IMSI, etc. If the location updating request message includes a P-Access-Network-Info (PANI) header that may specify information about the access technology, the CS 322 saves the PANI information.

The CS 322 acknowledges receipt of the location updating request message by transmitting a 200 OK SIP response to the femtocell system 350 (step 714). Network authentication and registration then occurs via exchanges between the CS 322 and HLR/AC (step 716). As part of the authentication response, the HLR/AC may trigger Unique Challenge, SSD update, or CountUpdate procedures.

The CS 322 informs the femtocell system 350 of the authentication and registration results by transmitting a SIP location updating response message to the femtocell system 350 (step 718). In the event of an authentication or registration failure, the CS 322 may send a SIP:MESSAGE containing, for example, an XML-encoded message body that facilitates deregistration of the femtocell system 350. The femtocell system 350 acknowledges receipt of the authentication and registration results by sending a 200 OK SIP response to the CS 322 (step 720).

In the event of either a registration or authentication failure, a deregistration process 740 is invoked by the femtocell system 350 transmitting a deregistration message, e.g., a SIP:REGISTER message with an expire value “0”, to the S-CSCF (step 722). The S-CSCF acknowledges receipt of the deregistration message by transmitting a 200 OK SIP response to the femtocell system 350 (step 724). The S-CSCF then transmits the deregistration message to the CS 322 (step 726) which acknowledges receipt of the deregistration message by transmitting a 200 OK SIP response to the S-CSCF (step 728) thereby completing deregistration of the MS.

The CS 322 may receive a SIP:REGISTER message for a subscriber who is not currently SIP registered, but for whom the CS 322 maintains subscription data from the HLR. For example, the CS 322 may maintain the HLR subscription information for a configurable period after a SIP deregistration. In this scenario, a MS re-registration procedure may be invoked. The re-registration may be consistent with that as described above with reference to FIG. 6 except the CS 322 is not required to request the user profile from the HLR.

Periodic registration is optionally required in mobile networks. If periodic registration is enabled, the HLR may return an “Authorization Period” in response to a Registration Notification (REGNOT). In this case, the CS 322 may send a SIP:MESSAGE (ORDERED_REGISTRATION_REQUEST) before the “Authorization Period” expires. On receiving this request, the femtocell system 350 may send the ordered registration request to the MS 325 to send registration-related parameters.

Regardless of an “Authorization Period” timer, the SIP registration period dictates the interval at which the SIP registration from the femtocell system 350 needs to be refreshed. In such a case, the femtocell system 350 needs to refresh the registration prior to the expiration period while the MS 325 is attached to the femtocell system 350. Such registration procedures are preferably processed locally at the CS 322. The femtocell system 350 sends a SIP:REGISTER message to the CS 322, and the CS 322 returns a SIP 200 OK response to the femtocell system 350.

When deregistration occurs, e.g., either due to registration timeout or mobile-initiated/network deregistration, the CS 322 may typically not delete HLR subscriber data which is eligible to be aged out, or removed by a REGCANC message. The CS 322 may send a mobile station inactive (MSINACT) message to the HLR with the optional DeregistrationType parameter omitted which indicates that subscriber data is still being maintained by the CS 322. Such a situation may occur, for example, due to the MS 325 being powered off and it is desirable to have the subscription data available when the MS is powered back on. However, the time the MS was last registered is maintained with the subscription data.

If the MS does not re-register for a configurable time (e.g., 24 hours), the subscriber data may be deleted and an MSINACT message is sent to the HLR with the DeregistrationType set to “administrative reason” indicating that the subscriber data has been purged from the CS 322. This may also occur as needed to free up space in the database thereby deleting the oldest data first based on when it was last accessed.

A mobile initiated de-registration process may be invoked when the CS 322 receives a SIP:REGISTER from the femtocell system 350 with a timeout of zero for a current registration. In an IMS network, the CS 322 may receive this message from the S-CSCF as a 3rd-party SIP:REGISTER message. For example, such a de-registration may occur when the femtocell system 350 receives a power-down indication from the MS, the femtocell system 350 detects MS inactivity, or the femtocell system 350 detects a loss of radio contact.

Deregistration may additionally occur due to location updating. When the MS registers in a macrocell, the HLR preferably notifies the CS 322 accordingly. If the SIP registration for the corresponding MS is currently active, the CS 322 may send a SIP:MESSAGE (Deregister) to the femtocell system 350 requesting it to deregister. Registration cancellation may additionally occur due to administrative reasons as well. In such a case, the MS may be in a call or using some network service. If the cancellation indicates that service is to be discontinued immediately, the CS 322 terminates any call in progress.

FIG. 8 depicts a diagrammatic representation of an AC-triggered unique challenge process 800 for a registered MS attached with a femtocell system in accordance with an embodiment. Depending on the administrative policy at the AC 315, the AC 315 may trigger a unique challenge process for a currently registered MS 325 at any time.

A unique challenge is initiated by the AC (step 802) and is received by the CS 322. The CS 322 sends a SIP:MESSAGE(AUTH_REQUEST) to the femtocell system 350 to initiate a unique authentication challenge (step 804). The femtocell system 350 acknowledges receipt of the authentication challenge by transmitting a 200 OK SIP response to the CS 322 (step 806). Subsequently, the femtocell system 350 sends a unique challenge order to the MS (step 808) that includes a pseudo-randomly generated value (RANDU). The MS then generates an authentication result (AUTHU), e.g., by invoking the well known CAVE algorithm using the RANDU and the SSD-A currently stored by the MS, the ESN or p-ESN of the MS, and the MIN1 and MIN2 to produce the authentication result (AUTHU). The authentication result is then transmitted from the MS 325 to the femtocell system 350 (step 810). The femtocell system 350 forwards the authentication result to the CS 322, e.g., using a SIP:MESSAGE (AUTH_RESPONSE) (step 812). The CS 322 may acknowledge receipt of the authentication result by transmitting a 200 OK SIP response to the femtocell system 350 (step 814). An AC report may then be exchanged with the AC and CS 322 (step 816).

FIG. 9A is a diagrammatic representation of an authentication request message 900 transmitted to the femtocell system from the CS implemented in accordance with an embodiment. The authentication request message 900 transmitted to the femtocell system 350, e.g., according to step 804 of FIG. 8, may be generated by the CS 322 in response to an authentication challenge issued by the AC, e.g., according to step 802 of FIG. 8. The authentication request message 900 may be implemented as a SIP message including the depicted XML-encoded authentication request message. In this implementation, a message ID (msgid) field 902 of the authentication request message 900 may be null or otherwise excluded from the authentication request message 900. The CS 322 preferably invokes a timer response that specifies a maximum response time for the femtocell system 350 to return an authentication response submitted by the MS thereto. The CS 322 may, for example, invoke the timer after receiving the 200 OK response from the femtocell system 350 for the authentication request, e.g., according to step 806 of FIG. 8. The timer is preferably stopped when the authentication response (AUTH_RESPONSE) message is received, e.g., according to step 812 of FIG. 8. The authentication request message 900 preferably includes a registration field 904 that includes the identification, e.g., the Register ID (illustratively designated RegID-A) used during the SIP:REGISTER procedure (e.g., according to step 606 of FIG. 6 that may be derived from an MIN or an IMSI paired with either an MEID, an ESN, or a p-ESN) such that the femtocell system 350 can map the authentication process to the appropriate session in the case of an AC-initiated request. The authentication request message additionally may include the pseudo-randomly generated value (illustratively designated “3354C0”) in a corresponding field 906.

FIG. 9B is a diagrammatic representation of an authentication response message 950 transmitted from the femtocell system 350 to the CS 322 implemented in accordance with an embodiment. The authentication response message 950 may be included in a SIP message including the depicted XML-encoded authentication response message.

The authentication response message 950 may be sent from the femtocell system 350 to the CS 322 to respond to a unique challenge, e.g., according to step 812 of FIG. 8. The authentication response message preferably includes an authentication result field 952 that includes an authentication result (“AUTHU” illustratively designated “021AC3”) that is provided to the femtocell system 350 from the MS. For example, the authentication result included in the authentication result field 952 may be generated by the MS executing an instance of the CAVE algorithm using RANDU and the SSD-A currently stored by the MS, the ESN/p-ESN, and the MIN1 and MIN2.

FIG. 10 depicts a diagrammatic representation of an AC initiated SSD update process 1000 implemented in accordance with an embodiment. The AC 315 triggers a Shared Secret Data (SSD) update procedure, e.g., as a result of an administrative policy of the AC, an expiration of an authentication time interval at the AC, the report of a security violation from a visited system, or another trigger event (step 1002). The CS 322 sends a SIP:MESSAGE(SSD_UPDATE_REQUEST) to the femtocell system 350 to initiate an SSD Update Order with the MS 325 (step 1004). The femtocell system 350 acknowledges the receipt of the SSD update request message, e.g., by transmitting a 200 OK SIP response to the CS 322 (step 1006). The femtocell system 350 then sends an SSD Update Order message to the MS 325 (step 1008). The MS 325 then produces a new value of the SSD, e.g., by executing the CAVE algorithm using the value of the random number seed (RANDSSD), e.g., a pseudo-randomly generated sequence, provided in the SSD Update order, the ESN or p-ESN, and the A-key. The MS selects a Random Number (RANDBS) and sends a Base Station Challenge order to the femtocell system 350 including the value of the selected RANDBS (step 1010). The MS then executes the CAVE algorithm to produce an Authentication Result (AUTHBS) using the new value of SSD-A, the ESN or p-ESN, the MIN1, and the Random Number (RANDBS).

Upon receiving the Base Station Challenge order, the femtocell system 350 transmits a SIP:MESSAGE(BSCHALL_REQUEST) to the CS 322 (step 1012), which acknowledges receipt thereof by transmitting a 200 OK SIP response to the femtocell system 350 (step 1014). A base station challenge is then initiated between the CS 322 and the HLR/AC (step 1016). The CS 322 then sends a SIP:MESSAGE(BSCHALL_RESPONSE) to the femtocell system 350 to forward the AUTHBS to the MS in a Base Station Challenge response message (step 1018), and the femtocell system 350 acknowledges receipt of the base station challenge response by transmitting a 200 OK SIP response to the CS 322 (step 1020). The femtocell system 350 then sends a Base Station Challenge response along with the AUTHBS to the MS 325 (step 1022). If the AUTHBS result provided by the AC 315 matches the value computed by the MS, the MS 325 stores the new SSD value for use in future executions of CAVE and sends an SSD Update Confirmation message to the femtocell system (step 1024). Upon receiving the SSD Update Confirmation message, the femtocell system 350 sends a SIP:MESSAGE (SSD_UPDATE_RESPONSE) message to the CS 322 (step 1026), and the CS 322 acknowledges receipt thereof, e.g., by transmitting a 200 OK SIP response to the femtocell system (step 1028).

The CS 322 then sends a SIP:MESSAGE(AUTH_REQUEST) to the femtocell system 350 to initiate a unique authentication challenge (step 1030). The femtocell system 350 acknowledges receipt of the authentication challenge by transmitting a 200 OK SIP response to the CS 322 (step 1032). Subsequently, the femtocell system 350 sends a unique challenge order to the MS (step 1034). The MS 325 then generates an authentication result (AUTHU), e.g., by invoking the well known CAVE algorithm using the RANDU and the SSD-A currently stored by the MS, the ESN or p-ESN of the MS, and the MIN1 and MIN2 to produce the authentication result (AUTHU). The authentication result is then transmitted from the MS 325 to the femtocell system 350 (step 1036). The femtocell system 350 forwards the authentication result to the CS 322, e.g., using a SIP:MESSAGE (AUTH_RESPONSE) (step 1038). The CS 322 may acknowledge receipt of the authentication result by transmitting a 200 OK SIP response to the femtocell system 350 (step 1040). An AC report is then exchanged with the network, e.g., between the CS 322 and the HLR/AC (step 1042).

FIG. 11A is a diagrammatic representation of an SSD update request message 1100 implemented in accordance with an embodiment and produced in response to an AC initiated SSD update. The SSD update request message 1100 may be included in a SIP message including the depicted XML-encoded SSD update request message.

The SSD update request message 1100 may be transmitted from the CS 322 to the femtocell system 350 to update the shared secret data (SSD) stored at the MS, e.g., according to step 1004 of FIG. 10. In an embodiment, the SSD update request message 1100 may include a message ID field 1102 that may be nulled or otherwise excluded from the SSD update request message 1100 in the event the SSD update is initiated by the AC. A maximum response timer may be invoked by the AC 322, e.g., after receiving the 200 OK response according to step 1006 of FIG. 10 from the femtocell system for the SSD update request. The timer may be stopped when the BSC challenge request is received by the CS 322 according to step 1012 of FIG. 10. The SSD update request message 1100 preferably includes a registration field 1104 that includes the MS identification, e.g., the Register ID (illustratively designated RegID-A) used during the SIP:REGISTER procedure (e.g., according to step 606 of FIG. 6 that may be derived from an MIN or an IMSI paired with either an MEID, an ESN, or a p-ESN) such that the femtocell system 350 can map the authentication process to the appropriate session in the case of an AC-initiated SSD update request. The SSD update request message 1100 may additionally include a random seed value field 1106 that includes the random seed value (illustratively designated “D3568710A76E21”).

FIG. 11B is a diagrammatic representation of an SSD update response message 1120 implemented in accordance with an embodiment. The SSD update response message 1120 may be included in a SIP message including the depicted XML-encoded SSD update response message. The SSD update response 1120 is sent from the femtocell system 350 to the CS 322 to indicate the status of the SSD update according to step 1026 of FIG. 10.

The CS 322 may invoke a timer for receipt of the SSD update response message 1120, e.g., upon receipt of the 200 OK response for the BS challenge response according to step 1020; the timer may be stopped when an SSD update response message is received according to step 1026.

FIG. 11C is a diagrammatic representation of a base station challenge request (BSCHALL_REQUEST) message 1140 implemented in accordance with an embodiment. The base station challenge request message 1140 is preferably transmitted from the femtocell system 350 to the CS 322 to perform a base station challenge, e.g., according to step 1012 of FIG. 10. The base station challenge request message 1140 may be included in a SIP message including the depicted XML-encoded base station challenge request message.

In an embodiment, the base station challenge request message 1140 may include a message ID field 1142 that may be nulled or otherwise excluded from the base station challenge request message 1140 in the event the base station challenge request is initiated by the AC. The base station challenge request message may include a random number field 1144 that includes the random number (RANDBS) selected by the MS. A timer for response to the base station challenge request may be invoked, e.g., after receipt of the 200 OK response received by the femtocell system 350 from the CS 322 for the base station challenge request according to step 1014. The timer is preferably stopped when the base station challenge response (BSCHALL_RESPONSE) is received by the femtocell system 350 from the CS 322 according to step 1018.

FIG. 11D is a diagrammatic representation of a base station challenge response (BSCHALL_RESPONSE) message 1160 implemented in accordance with an embodiment. The base station challenge response message 1160 is preferably transmitted from the CS 322 to the femtocell system 350, e.g., according to step 1018 of FIG. 10. The base station challenge response message 1160 may be included in a SIP message including the depicted XML-encoded base station challenge response message and includes an authentication result field 1162 that includes the authentication result produced by the authentication center.
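The following added example (not part of the patent) models the cryptographic core of the SSD update and the unique challenge: the MS commits a new SSD only after the network's base station challenge result matches its own. CAVE is replaced by truncated HMAC-SHA256 as a labelled stand-in; the class and function names, the A-key input, field lengths and all sample values except the page's illustrative seed are assumptions.

```python
import hashlib
import hmac
import secrets

def prf(key: bytes, label: bytes, *parts: bytes, out_len: int) -> bytes:
    """Stand-in for CAVE (assumption): truncated HMAC-SHA256 over the inputs."""
    mac = hmac.new(key, label, hashlib.sha256)
    for part in parts:
        mac.update(len(part).to_bytes(2, "big") + part)  # unambiguous framing
    return mac.digest()[:out_len]

class AuthState:
    """Per-subscriber secrets held, in identical form, by the MS and by the AC."""

    def __init__(self, a_key: bytes, esn: bytes, min_id: bytes, ssd: bytes):
        self.a_key, self.esn, self.min_id, self.ssd = a_key, esn, min_id, ssd
        self.pending_ssd = None  # candidate SSD, not yet trusted

    def derive_pending_ssd(self, rand_seed: bytes) -> None:
        # The update order carries only the random seed; the A-key never moves.
        self.pending_ssd = prf(self.a_key, b"SSD", rand_seed, self.esn, out_len=16)

    def auth_bs(self, randbs: bytes) -> bytes:
        # Base station challenge result, keyed with the *pending* SSD.
        return prf(self.pending_ssd, b"AUTHBS", randbs, self.esn, self.min_id, out_len=3)

    def auth_u(self, randu: bytes) -> bytes:
        # Unique challenge result (AUTHU), keyed with the *committed* SSD.
        return prf(self.ssd, b"AUTHU", randu, self.esn, self.min_id, out_len=3)

def ssd_update(ms: AuthState, network: AuthState, rand_seed: bytes) -> bool:
    """Run the update; return the status the SSD update response would carry."""
    network.derive_pending_ssd(rand_seed)      # AC starts the update
    ms.derive_pending_ssd(rand_seed)           # MS receives the update order
    randbs = secrets.token_bytes(4)            # RANDBS is selected by the MS
    authbs_network = network.auth_bs(randbs)   # BSCHALL_REQUEST / BSCHALL_RESPONSE
    matched = hmac.compare_digest(authbs_network, ms.auth_bs(randbs))
    if matched:  # commit only once the network has proved it derived the same SSD
        ms.ssd, network.ssd = ms.pending_ssd, network.pending_ssd
    ms.pending_ssd = network.pending_ssd = None
    return matched

def unique_challenge(ms: AuthState, ac: AuthState) -> bool:
    randu = secrets.token_bytes(3)             # RANDU carried in the AUTH_REQUEST
    return hmac.compare_digest(ms.auth_u(randu), ac.auth_u(randu))

def demo_ssd_update() -> dict:
    # Constructed sample values, except the seed, which is the page's illustrative one.
    seed = bytes.fromhex("D3568710A76E21")
    esn, min_id, old_ssd = b"\x12\x34\x56\x78", b"5551230000", bytes(16)
    ms = AuthState(b"subscriber-a-key", esn, min_id, old_ssd)
    ac = AuthState(b"subscriber-a-key", esn, min_id, old_ssd)
    no_key = AuthState(b"not-the-real-key", esn, min_id, old_ssd)
    refused = ssd_update(ms, no_key, seed)     # peer that does not hold the A-key
    kept_old = ms.ssd == old_ssd
    updated = ssd_update(ms, ac, seed)
    return {"refused": refused, "kept_old": kept_old, "updated": updated,
            "in_sync": ms.ssd == ac.ssd != old_ssd, "authu_ok": unique_challenge(ms, ac)}

if __name__ == "__main__":
    print(demo_ssd_update())
```

The femtocell system and the CS only relay these values; neither needs the A-key or the SSD to carry the exchange.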

In accordance with another embodiment, an AC-initiated CallHistoryCount (COUNT) Update may be performed. In this implementation, the AC triggers the CallHistoryCount update as a result of, for example, administrative procedures at the AC, the expiration of an authentication time interval at the AC, the report of a security violation from a visited system, or other trigger events.

FIG. 12 depicts a diagrammatic representation of an AC initiated CallHistoryCount update process 1200 implemented in accordance with an embodiment. A count update occurs by an exchange between the HLR/AC and the CS 322 (step 1202). The CS 322 then transmits a SIP:MESSAGE(PARAMETER_UPDATE_REQUEST) to the femtocell system 350 to initiate the parameter update order to the MS 325 (step 1204). The femtocell system 350 acknowledges receipt of the parameter update request message, e.g., by transmitting a 200 Ok SIP response to the CS 322 (step 1206). The femtocell system 350 then sends the parameter update order to the MS 325 (step 1208). The MS 325 increments its value of the CallHistoryCount and sends a confirmation to the femtocell system 350 (step 1210). The femtocell system 350, in turn, informs the CS 322 of the COUNT update confirmation by sending a SIP:MESSAGE(PARAMETER_UPDATE_RESPONSE) to the CS 322 (step 1212) which acknowledges receipt of the parameter update response, e.g., by transmitting a 200 Ok SIP response to the femtocell system 350 (step 1214). An AC report is then exchanged between the CS 322 and the network, e.g., the HLR/AC (step 1216).

FIG. 13A is a diagrammatic representation of a parameter update request message 1300 (PARAMETER_UPDATE_REQUEST) implemented in accordance with an embodiment. The parameter update request message 1300 is preferably transmitted from the CS 322 to the femtocell system 350 to request a call history count update, e.g., according to step 1204 of FIG. 12. The parameter update request message 1300 may be included in a SIP message including the depicted XML-encoded parameter update request message.

The parameter update request message 1300 may include a message ID field 1302 that is nulled or otherwise excluded in the case of an AC-initiated update request. A maximum timer may be invoked for response to the parameter update request by the CS 322, e.g., upon receipt of the 200 OK response from the femtocell system 350 according to step 1206 of FIG. 12. The timer may be stopped when the parameter update response (PARAMETER_UPDATE_RESPONSE) is received by the CS 322, e.g., according to step 1212 of FIG. 12. The parameter update request message 1300 preferably includes a registration field 1304 that includes the MS identification, e.g., the Register ID (illustratively designated RegID-A) used during the SIP:REGISTER procedure (e.g., according to step 606 of FIG. 6 that may be derived from an MIN or an IMSI paired with either an MEID, an ESN, or a p-ESN) such that the femtocell system 350 can map the parameter update process to the appropriate session in the case of an AC-initiated update process.

FIG. 13B is a diagrammatic representation of a parameter update response message 1350 (PARAMETER_UPDATE_RESPONSE) implemented in accordance with an embodiment. The parameter update response message is preferably transmitted from the femtocell system 350 to the CS 322, e.g., according to step 1212 of FIG. 12, to return the results of a parameter update request. The parameter update response message 1350 may be included in a SIP message including the depicted XML-encoded parameter update response message. The parameter update response message preferably includes a successful update field 1352 that includes a value, e.g., a Boolean True or False value that specifies whether the parameter update was successfully or unsuccessfully performed.
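Because AC-initiated requests carry no message ID, the RegID and the maximum response timer are the only things tying a response to an outstanding request. The sketch below is an added example, not code from the patent, showing one way a convergence server could track that; the class name, the string procedure labels, the 5-second timer length and the treatment of a response that arrives before the 200 OK are assumptions.

```python
import time

MAX_RESPONSE_SECONDS = 5.0  # assumed value; the page names the timer, not its length

class PendingProcedures:
    """Convergence-server view of AC-initiated procedures, keyed by RegID."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}  # reg_id -> {"procedure": str, "deadline": float or None}

    def request_sent(self, reg_id: str, procedure: str) -> None:
        if reg_id in self._pending:
            raise ValueError(f"{reg_id} already has a procedure in progress")
        self._pending[reg_id] = {"procedure": procedure, "deadline": None}

    def ok_received(self, reg_id: str) -> None:
        # The 200 OK from the femtocell system starts the maximum response timer.
        entry = self._pending.get(reg_id)
        if entry is not None:
            entry["deadline"] = self._clock() + MAX_RESPONSE_SECONDS

    def response_received(self, reg_id: str, procedure: str) -> str:
        entry = self._pending.get(reg_id)
        if entry is None or entry["procedure"] != procedure:
            return "unsolicited"       # nothing outstanding: never report it to the AC
        if entry["deadline"] is None:
            return "out_of_order"      # assumption: require the 200 OK first
        del self._pending[reg_id]      # a matching response stops the timer
        return "accepted" if self._clock() <= entry["deadline"] else "expired"

    def expire(self) -> list:
        """Drop and return RegIDs whose timer ran out with no response."""
        now = self._clock()
        late = [reg_id for reg_id, entry in self._pending.items()
                if entry["deadline"] is not None and now > entry["deadline"]]
        for reg_id in late:
            del self._pending[reg_id]
        return late

def demo_tracking() -> list:
    now = [100.0]                      # constructed fake clock for the walk-through
    cs = PendingProcedures(clock=lambda: now[0])
    results = []
    cs.request_sent("RegID-A", "PARAMETER_UPDATE")
    cs.ok_received("RegID-A")
    results.append(cs.response_received("RegID-B", "PARAMETER_UPDATE"))  # unknown MS
    results.append(cs.response_received("RegID-A", "SSD_UPDATE"))        # wrong procedure
    now[0] += 2.0
    results.append(cs.response_received("RegID-A", "PARAMETER_UPDATE"))  # in time
    results.append(cs.response_received("RegID-A", "PARAMETER_UPDATE"))  # duplicate
    cs.request_sent("RegID-A", "SSD_UPDATE")
    cs.ok_received("RegID-A")
    now[0] += 6.0                      # no response before the timer runs out
    results.append(cs.expire())
    return results

if __name__ == "__main__":
    print(demo_tracking())
```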

As described, mechanisms for facilitating authentication center-initiated authentication procedures for a mobile station attached with a femtocell system are provided. A femtocell system may generate a registration identification of a mobile station from one or more mobile station authentication parameters. A convergence server located in a core network receives an authentication procedure request from an authentication center for the mobile station attached with the femtocell system and generates an authentication procedure request message that includes the registration identifier assigned to the mobile station. The convergence server then transmits the authentication procedure request message to the femtocell system and receives a response to the authentication procedure request message from the femtocell system. In an embodiment, the authentication procedure request comprises a unique challenge. In another embodiment, the authentication procedure request comprises a shared secret data update procedure. In yet another embodiment, the authentication procedure request comprises a call history count update procedure.

The illustrative block diagrams depict process steps or blocks that may represent modules, segments, or portions of code that include one or more executable instructions for implementing specific logical functions or steps in the process. Although the particular examples illustrate specific process steps or procedures, many alternative implementations are possible and may be made by simple design choice. Some process steps may be executed in different order from the specific description herein based on, for example, considerations of function, purpose, conformance to standard, legacy structure, user interface design, and the like.

Aspects of the present invention may be implemented in software, hardware, firmware, or a combination thereof. The various elements of the system, either individually or in combination, may be implemented as a computer program product tangibly embodied in a machine-readable storage device for execution by a processing unit. Various steps of embodiments of the invention may be performed by a computer processor executing a program tangibly embodied on a computer-readable medium to perform functions by operating on input and generating output. The computer-readable medium may be, for example, a memory, a transportable medium such as a compact disk, a floppy disk, or a diskette, such that a computer program embodying the aspects of the present invention can be loaded onto a computer. The computer program is not limited to any particular embodiment, and may, for example, be implemented in an operating system, application program, foreground or background process, driver, network stack, or any combination thereof, executing on a single processor or multiple processors. Additionally, various steps of embodiments of the invention may provide one or more data structures generated, produced, received, or otherwise implemented on a computer-readable medium, such as a memory.

Although embodiments of the present invention have been illustrated in the accompanied drawings and described in the foregoing description, it will be understood that the invention is not limited to the embodiments disclosed, but is capable of numerous rearrangements, modifications, and substitutions without departing from the spirit of the invention as set forth and defined by the following claims. For example, the capabilities of the invention can be performed fully and/or partially by one or more of the blocks, modules, processors or memories. Also, these capabilities may be performed in the current manner or in a distributed manner and on, or via, any device able to provide and/or receive information. Further, although depicted in a particular manner, various modules or blocks may be repositioned without departing from the scope of the current invention. Still further, although depicted in a particular manner, a greater or lesser number of modules and connections can be utilized with the present invention in order to accomplish the present invention, to provide additional known features to the present invention, and/or to make the present invention more efficient. Also, the information sent between various modules can be sent between the modules via at least one of a data network, the Internet, an Internet Protocol network, a wireless source, and a wired source and via plurality of protocols.

What is claimed is:
 1. A method, comprising: receiving, by a convergence server located in a core network, an authentication procedure request from an authentication center for a mobile station attached with a femtocell system; generating, by the convergence server, an authentication procedure request message that includes a registration identifier assigned to the mobile station, the registration identifier comprising a pseudo-electronic serial number derived from a mobile equipment identifier for the mobile station; transmitting, by the convergence server, the authentication procedure request message to the femtocell system; and receiving, by the convergence server, a response to the authentication procedure request message from the femtocell system; wherein the authentication procedure request comprises a unique challenge, and wherein the authentication procedure request message comprises an authentication request that includes a pseudo-randomly generated value; wherein the response includes an authentication result generated by the mobile station using the pseudo-randomly generated value and a shared secret data key.
 2. The method of claim 1, wherein the femtocell system maps the authentication procedure to the mobile station using the registration identifier.
 3. The method of claim 1, wherein the authentication procedure request comprises a shared secret data update procedure, and wherein the authentication procedure request message comprises a shared secret data update request message.
 4. The method of claim 3, further comprising transmitting, by the femtocell system, an update order to the mobile station that includes a random number seed.
 5. The method of claim 4, further comprising receiving, by the convergence server, a base station challenge request message from the femtocell system including a pseudo-random value selected by the mobile station.
 6. The method of claim 5, further comprising: engaging, by the convergence server, the authentication center in a base station challenge process; and transmitting, by the convergence server, a base station challenge response to the femtocell system including a base station authentication result received from the authentication center.
 7. The method of claim 6, further comprising updating, by the mobile station, a shared secret data key in the event the base station authentication result in the base station challenge response matches a base station authentication result produced by the mobile station.
 8. The method of claim 1, wherein the authentication procedure request comprises a call history count update procedure, and wherein the authentication procedure request message comprises a count update message.
 9. A non-transitory computer-readable medium having computer-executable instructions tangibly embodied thereon for execution by a processing system, the computer-executable instructions, when executed, cause the processing system to: receive, by a convergence server located in a core network, an authentication procedure request from an authentication center for the mobile station attached with the femtocell system; generate, by the convergence server, an authentication procedure request message that includes a registration identifier assigned to the mobile station, the registration identifier comprising a pseudo-electronic serial number derived from a mobile equipment identifier for the mobile station; map the authentication procedure to the mobile station using the registration identifier; transmit, by the convergence server, the authentication procedure request message to the femtocell system; and receive, by the convergence server, a response to the authentication procedure request message from the femtocell system; wherein the authentication procedure request comprises a unique challenge, the authentication procedure request message comprises an authentication request that includes a pseudo-randomly generated value, and the response includes an authentication result generated by the mobile station using the pseudo-randomly generated value and a shared secret data key.
 10. The non-transitory computer-readable medium of claim 9, wherein the authentication procedure request comprises a shared secret data update procedure and the authentication procedure request message comprises a shared secret data update request message, the non-transitory computer-readable medium further comprising instructions that, when executed by the processing system, cause the processing system to transmit, by the femtocell system, an update order to the mobile station that includes a random number seed.
 11. The non-transitory computer-readable medium of claim 10, further comprising instructions that, when executed by the processing system, cause the processing system to: receive, by the convergence server, a base station challenge request message from the femtocell system including a pseudo-random value selected by the mobile station; engage, by the convergence server, the authentication center in a base station challenge process; and transmit, by the convergence server, a base station challenge response to the femtocell system including a base station authentication result received from the authentication center.
 12. The non-transitory computer-readable medium of claim 11, further comprising instructions that, when executed by the processing system, cause the processing system to update, by the mobile station, a shared secret data key in the event the base station authentication result in the base station challenge response matches a base station authentication result produced by the mobile station.
 13. The non-transitory computer-readable medium of claim 9, wherein the authentication procedure request comprises a call history count update procedure, and wherein the authentication procedure request message comprises a count update message.
 14. A system, comprising: a core network that includes a convergence server; a mobile core network that includes an authentication center; an Internet Protocol-based femtocell system that provides a radio access point for a mobile station, wherein the convergence server receives an authentication procedure request from the authentication center for the mobile station, generates an authentication procedure request message that includes a registration identifier assigned to the mobile station, the registration identifier comprising a pseudo-electronic serial number derived from a mobile equipment identifier for the mobile station, and wherein the femtocell system maps the authentication procedure to the mobile station using the registration identifier; transmit the authentication procedure request message to the femtocell system; and receives a response to the authentication procedure request message from the femtocell system; wherein the authentication procedure request comprises a unique challenge, the authentication procedure request message comprises an authentication request that includes a pseudo-randomly generated value, and the response includes an authentication result generated by the mobile station using the pseudo-randomly generated value and a shared secret data key.
 15. The system of claim 14, wherein the authentication procedure request comprises a shared secret data update procedure and the authentication procedure request message comprises a shared secret data update request message, wherein the femtocell system transmits an update order to the mobile station that includes a random number seed.
 16. The system of claim 15, wherein the convergence server receives a base station challenge request message from the femtocell system including a pseudo-random value selected by the mobile station, engages the authentication center in a base station challenge process, and transmits a base station challenge response to the femtocell system including a base station authentication result received from the authentication center.